Abstract — Although the cloud computing model is considered
to be a very promising internet-based computing platform, it
results in a loss of security control over the cloud-hosted assets.
This is due to the outsourcing of enterprise IT assets hosted on
third-party cloud computing platforms. Moreover, the lack of
security constraints in the Service Level Agreements between
the cloud providers and consumers results in a loss of trust as
well. Obtaining a security certificate such as ISO 27000 or
NIST-FISMA would help cloud providers improve consumers'
trust in their cloud platforms’ security. However, such
standards are still far from covering the full complexity of the
cloud computing model. We introduce a new cloud security
management framework based on aligning the FISMA
standard to fit with the cloud computing model, enabling cloud
providers and consumers to be security certified. Our
framework is based on improving collaboration between cloud
providers, service providers and service consumers in
managing the security of the cloud platform and the hosted
services. It is built on top of a number of security standards
that assist in automating the security management process. We
have developed a proof of concept of our framework using
.NET and deployed it on a testbed cloud platform. We
evaluated the framework by managing the security of a multitenant
SaaS application exemplar.